Sunday, January 17, 2010

Our current model of identity online is a poor representation of how we manage identity in the real world. As mass participation becomes ubiquitous, and the web becomes one of our primary social and political environments, we need to do better. Multiple identities, pseudonymity, anonymity and credibility are necessary aspects - a fundamental part of how we should be managing identity on the web. Most importantly, public participation in government needs a unified mechanism for managing these things. I'll propose the basis for a mechanism that supports this - one that reconciles the desire for multiple identities with the hassle of multiple logins.

Before starting, it's necessary to highlight a series of blogs about online identity by Andy Oram. He does an excellent job of assessing the landscape - the coverage is extensive and well researched. One key observation he makes is that our online identity is becoming more unified rather than fragmented. This is true, but it is happening because we are engineering identity management to achieve this - not because this unification is a natural expression of our human nature.

[Sherry Turkle] claims that we do maintain multiple online identities, and that this is no simple game but reflects a growing tendency for us to have multiple selves. The fragmentary and divided presentation of self online reflects the truth about ourselves, more than we usually acknowledge.

It's not a strange multiple personality disorder that we're all afflicted with - it's simple human nature. We can think of our society as a complex multi-dimensional venn diagram, where each person's perception of their identity is represented by a single circular region, and intersections between these regions represent groups. We see this all the time in our personal relationships - there are obvious differences between how our partner, family, friends and colleagues understand us, and what information we are prepared to offer them. We maintain all of these relationships - we keep information from some people while providing it to others, and people sometimes make stuff up. It's not some nefarious deceit - it's just a fundamental part of the way humans manage relationships.

We see regular evidence of this human behaviour online. We attempt to keep professional and social associations separate on Linked-in and Facebook. We experience discomfort when 'friended' on Facebook by people we don't consider friends. Obviously the boundaries vary greatly for each person and within each group, but that's part of the point - everybody is different, everybody creates boundaries where they are comfortable, and not everybody is a friend. The push to make us all singularly open creates weird fantasy lands - just what you would expect in the real world if we were only able to expose a single identity - the minimum intersection that is comfortable in every context.

An unfortunate aspect of this is that our uniqueness, our creativity, our gravitas even, is often best represented by the parts of us that intersect the least. This is regularly the best expression of who we really are, what drives us, and what makes us unique individuals. We have many real world identities - subsets, intersections and mutual exclusions - all of them constantly moving. It seems utterly counter-intuitive to me that we should be engineering our online world to bring all the regional intersections of our social venn diagram into alignment. Unless we are trying to model something different to real-world identity, then we're doing it wrong.

Tim O'Reilly noted that 'It's not a matter of perfect intelligence and perfect stupidity, its a matter of a mixture of intelligence and stupidity, of brilliance and idiocy all in the same brain, of failures of will, failures of virtue, failures of goodness, at the same time as enormous heroism, enormous accomplishment - all these things are going to be true of internet applications, just as it is true of individuals'. We need to embrace our humanity, and recognise that the quest for our one true, homogenous and palatable internet identity is just an insidious endeavour in global groupthink.

Multiple identities online give us new opportunities for self expression as well - providing the capability to publicly explore elements of our psyche that we would otherwise keep private. Some of that will be roughly hewn rubbish, it's true, but the key here is that the internet provides new opportunities to be comfortable with being wrong. If we are anonymous, we need not fear rejection. This is important, because the idea of 'fail fast' is one that we know to reap rewards. Allowing multiple identities gives us new opportunities to fail fast as individuals, and, on rare occasions, to succeed fast. Either way it's a win-win situation. It's not just the identity owner who benefits - if we enable more fail-fast behaviour, for individuals and groups, then society as a whole benefits enormously.

How can we engineer support for multiple identities?

Whether or not you agree with the argument for multiple identities, a mechanism for achieving it is reasonably obvious. If we see the internet operating system emerging, then we should need to log in once with an identity provider, and have the opportunity to switch profiles at will. Each application in the operating system sees a profile as an identity, and only the identity provider maintains the information that associates profiles. It's up to me whether I want one or many profiles. It's my responsibility to take as little or as much care as I like to keep these worlds logically separate from each other. I get to define how much information about my true identity is revealed in a particular profile. If I only want one profile, then usage would be identical to our current experience. It's fairly simple, and it's a better match for the reality of how we manage identity in the real world.

It's understandable that we don't have this today1 - but we shouldn't kid ourselves that what we do have is a good representation of how we manage identity in the real world. Sometimes we seem to be working on the assumption that human nature should be changed rather than modelled [Mark Zuckerberg][Eric Schmidt]. Looking at the Apple Human Interface Guidelines for some perspective on this is quite helpful -

To help you discover the mental models people associate with your product’s tasks, look at how they perform similar tasks without a computer... Design your product to reflect these things, but don’t insist on replicating each step a user might take when performing the task without a computer. Take advantage of the inherent strengths of the computing environment to make the whole process easier or more streamlined.

Obvious stuff, and it not only highlights that we should be modelling the way people do things in the real world, but that we should be seeking improved facilitation of this behaviour.

Additional considerations with this approach

It might be argued that people maintaining multiple identities is a hassle for the authorities. However like most things, regulation and control is a better solution for something that people will undertake regardless of the authorities' position. A key element of the above solution is that an identity provider maintains the relationship between profiles, and can correlate this to a single login. A profile can be provided to an application with data that only the identity provider can use to perform this correlation. It's easier to regulate and control. I'm not suggesting people would cease to create multiple logins, but we would observe some separation between those who manage multiple identities for reasons of self expression, and those who do so for nefarious purposes. Of course there are many legitimate reasons why someone might not want any linking information to be stored, and I'll explore that scenario below when looking at 'true anonymity'.

The risk of unauthorised access at the identity provider is real, as is hacker activity. These represent the greatest risk to identity management in general, but especially maintenance of separate identities. It seems clear to me, however, that as identity provision becomes standardised, and its importance better understood, the need for security and enforcement against such breaches will become more obvious and more regulated. The role of identity provider will increasingly become one which carries significant responsibility and users will choose an identity provider on the basis of how they perceive the security they offer. As we enter the world of public participation in government, many aspects of identity management will become increasingly necessary - the need for regulation, trust, verifiability and credibility will all see an increase in importance.

Credibility

Credibility is something that we know is necessary for online activities that require trust. No one likes a zero star seller. With the identity management solution outlined above, we get new opportunities for managing credibility - especially if this is something maintained by the identity provider. For example, e-bay could specify that their reputation is transferable between user identities - so that no matter which profile we enter e-bay with, we retain a common reputation score. Conversely, a forum might specify that reputation is not transferrable. This leads to yet another interesting possibility - the capacity to merge profiles. If you have been posting on a forum with multiple profiles, you might choose to combine them, and with such a merger deliver increased (or decreased) reputation to the new identity.

One of the arguments against multiple identities is that it generates a lot of noise - people being antagonistic, offensive or just spouting rubbish with no requirement to own up to these contributions. Using a credibility mechanism provides an excellent tool for managing this problem. A profile with low credibility (such as one that is newly created, or often marked down) can be easily distinguished from one with high credibility. It would generally be in the user's interest to improve the credibility of the profiles that they use. Credibility metrics are a critical example of how we can achieve additional benefits in online identity management.

Verifiability is a part of credibility, but it has some interesting additional aspects. An identity provider could offer the means for you to verify that you are you. If you provided your passport or driver's licence, then the identity provider could indicate this increased confidence in each of your profiles by increasing your credibility. In something like participation in government - the fact that you have this kind of credibility could be a requirement for participation in some forums. Something similar could be achieved for qualifications. This mechanism would also provide significant protection against online identity theft. I'm not proposing that this should be a requirement for having an online identity, but would represent a legitimate option for improving credibility.

Plenty of other credibility management opportunities exist, particularly around endorsement by others - but the basic argument is that delivery of a mechanism for managing credibility - one that can span the entire user or individual profiles and apply both in individual applications and universally - is a basic and necessary part of participation on the web.

What about Gov 2.0?

Gadi Ben-Yahuda provided some good analysis of the role of anonymity in Gov 2.0, observing that there are pro's and con's. He concluded that we do need to reveal our true identity to contribute to online government, and constructed a useful scale of escalating disclosure on the basis that the more influence you have, the less private you should be. He concluded that participation in Gov 2.0 required scrutiny a little greater than we would expect when speaking at a town-hall. However, it's a one-size-fits-all observation - Gov 2.0 should enable us to participate at all the levels he identified and more in between. With the ability to maintain multiple online identities, we can achieve this relatively easily, providing the user with the means to reveal only what is required by the particular forum. This is a great application of the human interface guidelines - we can deliver a better outcome by taking advantage of the strengths of the computer environment.

His main argument in support of anonymity is that it allows the speaker to be completely truthful - they don't need to fear personal repercussions for saying what they really think. It's important to observe that this is the primary reason why we vote anonymously. Not only that, but it's considered rude to expect someone to tell you how they voted. It's a critical example of the need for anonymity in real world government processes.

True Anonymity

The Electronic Frontier Foundation makes a number of good points on the role of anonymity, especially in relation to government and politics. The statement highlights the fact that we need secure anonymity. They argue that you will only say what you think if you feel confident that your anonymity can be preserved. Clearly if an identity provider maintains the relationship between your profiles, and provides trackable information to an application (even though the application itself cannot use it), then there is no such guarantee.

For true anonymity to work, the identity provider must deliver an anonymous profile to the application - one that does not contain information to link back to the user id at the identity provider. You might maintain many anonymous profiles, and provide as much or as little information as you liked - your credibility, your country of residence, even your postcode - the key is that the application isn't given the specific identifying information needed to trace back to your account at the identity provider. Obviously if you gave up too much information in your anonymous profile, then deduction might be sufficient to identify you - but that is a risk for the user to manage. Also, there would be no way for credibility to be affected by contributions made anonymously, but providing your base credibility with the anonymous profile might be considered useful in some contexts. It is important to recognise that we can achieve 'true anonymity' while still providing information that is trustable, and might be required in a particular forum.

Another consideration is that delivering true anonymity would need to be reconciled with the authorities' desire to track internet usage against real identities - a battle which the EFF and governments are fighting on a daily basis. It's not necessary to open this can of worms here - just to observe that there is no technical reason why true anonymity cannot be supported. Even more importantly, if we want to realise all the benefits that Gov 2.0 can offer, then we need to support it.

Conclusions

Andrea di Maio said we need to balance the desire of government to get closer to citizens while respecting their desire and right to privacy. It's worth highlighting that the converse is also true - we need to balance the desire of citizens to get closer to government while respecting their desire and right to privacy. Citizens shouldn't be required to reveal more than is necessary - precisely because the most important thing is knowing what people really think. Effectively managing multiple identities and anonymity is a major facilitator in lowering the barriers to participation in government.

We are correct to strive for a one-to-one relationship between our physical self and our internet login, but mistaken to extend that to the relationship between our login and our online presence. I've offered a rough outline for a solution, and looked at some of the opportunities and risks. It's true that our current software infrastructure would struggle to realise this vision, but it's a simple argument - if people are creating multiple identities online and will continue to do so, and if the benefits are clear, then why aren't we modelling this behaviour properly with online identity? The social web must enable us, not constrain us.

UPDATE 18/01/10: It seems I missed the Open Identity For Government initiative while researching this post. I'm not sure how I managed that, but there it is. The initiative is high profile, wide ranging, and highly relevant to this discussion. It's based around OpenID & Information Cards, and provides many of the technical elements of my suggested solution - specifically: true anonymity with verifiability, pseudonyms, limiting personal information depending on the forum, centralised management at a trusted identity provider and strong regulation at the identity provider. The system also offers the ability to maintain multiple identities, although aspects such as identity merging & portable credibility do not seem to be supported. The initiative is, however, a great basis on which to build these elements, as it represents an ideal subset of my proposal. From another perspective this post represents an independent thought stream that reached the same conclusions, and provides plenty of meat for going beyond their proposal. In any case, apologies for the research gap - at least I found it before someone pointed it out to me :) I'm really excited by the direction that the Open Identity Initiative is taking. It looks like we're doing it right after all!

1. There is some recognition of this concept in OpenID, with a 'personas' feature allowing you to maintain different sets of information with a single OpenID. It's heading in the right direction, but it's an optional registration extension, and only implemented by a few identity providers (e.g. myOpenID). It is only utilised when registering with a service provider (application), and certainly not something the service provider needs to be aware of. The OpenID specification itself has very few references to the concept - simply describing the feature as

'A subset of the user's identity data. A user can have multiple personas as part of their identity. For example, a user might have a work persona and a home persona.'

It's ineffective for maintaining multiple identities in the manner I have described for a number of reasons, but primarily because each persona is a subset of the same data set, and secondly because there is no mechanism or requirement for the service provider to recognise separate personas. One reason for this is that it would be considered too big a job to add this support to all of the applications on the internet. However I think if you saw a few major providers - Google, Facebook etc. - doing so, smaller players would begin to support it as well. Another reason might be the added complexity to users - 'I know about username and password - what's this new persona thing'? However it would be simple to hide the persona features using a default persona, and making that the standard behaviour - the usage flow would remain unchanged for those that don't use the feature. A user need not even be aware the feature exists.

Wednesday, January 6, 2010

Dennis Howlett recently posted a scathing put-down of Enterprise 2.0 - declaring that Web 2.0 for the enterprise only makes sense in knowledge based businesses, and that even then the use cases are hard to come by. It prompted Dave Briggs to ask the question 'Is government a knowledge business?'. I'd like to propose two things: that all business is knowledge business, and that absolutely yes, government is a knowledge business. I'll back up both, beginning with an analysis of policy making.

I provided my rough definition of government in a previous post when picking up on Tim O'Reilly's vending machine analogy. The main observation is that government represents the policy management process for our society. What then is a policy management process? The UK Government Cabinet Office took a stab at it in their Better Policy Making [pdf] report, and outlined 9 features of modern policy making (summary taken from homepage) -

Forward Looking- Defining policy outcomes and taking a long term view

Outward Looking - Taking account of the national, European and international situation; learning from the experience of other countries; recognising regional variations.

Evidence Based - Basing policy decisions and advice upon the best available evidence from a wide range of sources; ensuring that evidence is available in an accessible and meaningful form.

Inclusive - Consulting those responsible for implementation and those affected by the policy; carrying out an impact assessment

Joined Up - Looking beyond institutional boundaries; setting cross-cutting objectives; defining and communicating joint working arrangements across departments; ensuring that implementation is part of the policy process.

Review - Systematic evaluation of the effectiveness of policy is built into the policy making process.

Evaluation - Existing/established policy is constantly reviewed to ensure it is really dealing with problems it was designed to solve.

Learns Lessons - Learning from experience of what works and what does not.

It is an interesting list, and if we look at some keywords from each definition - defining, learning, experience, questioning, advice, evidence, consulting, communicating, evaluation, review, design - it sounds pretty 'knowledge' oriented. Interesting too, that even human resources are framed in knowledge management terms.

A policy is typically described as a deliberate plan of action to guide decisions and achieve rational outcome(s). However, the term may also be used to denote what is actually done, even though it is unplanned.

The term may apply to government, private sector organizations and groups, and individuals.

Policies can be understood as political, management, financial, and administrative mechanisms arranged to reach explicit goals.

It's hard to avoid seeing this as a concise description of what business is up to. Going further - do we, humans, do anything but policy management? Perhaps a more palatable question is 'Do we, humans, do anything but knowledge management'?

Knowledge management (KM) comprises a range of practices used in an organisation to identify, create, represent, distribute, and enable adoption of insights and experiences. Such insights and experiences comprise knowledge, either embodied in individuals or embedded in organisational processes or practice.

KM efforts typically focus on organisational objectives such as improved performance, competitive advantage, innovation, the sharing of lessons learned, and continuous improvement of the organisation.

In terms of the enterprise, early collections of case studies recognized the importance of knowledge management dimensions of strategy, process, and measurement. Key lessons learned included: people, and the cultures that influence their behaviors, are the single most critical resource for successful knowledge creation, dissemination, and application; cognitive, social, and organizational learning processes are essential to the success of a knowledge management strategy; and measurement, benchmarking, and incentives are essential to accelerate the learning process and to drive cultural change. In short, knowledge management programs can yield impressive benefits to individuals and organizations if they are purposeful, concrete, and action-oriented.

We're talking about the same thing here. Policy Management is Knowledge Management. This is what humans do, as individuals and as organisations - it's all we do - create and implement policy through a process of knowledge management. This is what government does right now, and it is from this perspective that Gov 2.0 will be realised.

There are currently no technological platforms that enable in-depth online collaboration on the scale required by government...

It is crazy that these things have gone wrong when you've got lots and lots of retired health professionals, retired policemen, people in the teaching profession, who have huge knowledge and expertise and had they been able to contribute better to the policymaking process we could have avoided some of these problems.

So, is every business a knowledge business? Too right it is - as a collection of humans, there's no alternative. And to answer Dave Brigg's question - 'Is Government a Knowledge Business'? You bet - all our organisations - right down to our solitary selves - are just policy processes in specific contexts. We are - individually and collectively - knowledge management machines.

When looking at government as a platform, our single, axiomatic goal is to open up, improve and oil the knowledge management process that is government. If we do this, we get a better vending machine.

Tuesday, January 5, 2010

For a startup business, there's nothing more necessary than heterogeneity - your niche, your market opportunity, that little difference that gives you the edge. You stick your wedge in and start hammering - differentiating. If things pan out right, if the risks pay off, you'll carve yourself a space. You'll convince as many people as you can that it's better 'over here'. You'll compete, you'll make your space sweet and attractive, you'll advertise and persuade. How excellent it would be if everyone came 'over here'. Consolidate. And in time, with success, your niche becomes a chasm, and the last thing you need is some upstart calling everyone to somewhere else. You are now the incumbent.

Life as the incumbent is a different world. It's go steady, be loyal to your customers, stay on message, don't take risks, react. The world as a homogenous market for your product is the holy grail, and you yourself are proof that you can neither attain nor retain it. Rising entropy is just what you need.

Opponents tend to bet more aggressively against you and make risky plays in the hope of scoring big against the champ. So you need to play more conservatively and protect your chips.

In politics, the incumbent talks of security, while the challenger calls for change. In sport, the tactics and strategy of the most successful are mimicked - but it is the challenger that plays differently who succeeds in toppling the champion. When you are young, you take risks - everything is new - you are the startup business. As you get old you homogenise - your perspective is much the same as it was five, ten, twenty years ago. You play it safe - there's more at stake.

An interesting example of incumbent homogeneity being challenged is genetic mutation - very useful stuff. Evolution is the process of choosing the successful challenger - biological, cultural, political, technological and more. The challenger is the wellspring of diversity and the only means we have to reduce entropy - but it is a never-ending battle, for the successful challenger's destiny is to become the incumbent.

In the process of cultural evolution, a new meme is at first both strange and wondrous - but it begins to homogenise in our cultural consciousness as soon as it is born. It's a pattern observed in many places, and as we become the borg, the patterns of our cultural evolution will become less diverse - we will begin to evolve as one. Resistance is futile.

Saturday, January 2, 2010

Entropy is a strange word. If we look at some definitions, the strangeness becomes apparent through a list of synonyms: chaos, uncertainty, equilibrium, stasis, homogeneity. I'm going to use it to show that public participation in the policy process is inevitable. Unavoidable. A sure thing. We need to get ready for it.

In thermodynamics, where it all started, entropy is a measure of the uniformity of energy distribution within a system - higher entropy means more uniform distribution. John von Neumann is reckoned to have told Claude Shannon to name his measure of uncertainty in information theory 'entropy' because (among other things) 'nobody really knows what entropy is, so in a debate you will always have the advantage'.

Wikipedia offers:

'An everyday example of entropy can be seen in mixing salt and pepper in a bag. Separate clusters of salt and pepper will tend to progress to a mixture if the bag is shaken. Furthermore, this process is thermodynamically irreversible. The separation of the mixture into separate salt and pepper clusters via the random process of shaking is statistically improbable and practically impossible because the mixture has higher entropy.' - Wikipedia

This highlights another key part to our understanding of entropy - a closed system will increase in entropy both inevitably and irreversibly. We can see this in cosmological entropy, which argues that our universe is a closed system, and will thus reach a state of maximum entropy where all energy is evenly distributed and (consequently) all parts of the universe will be the same temperature. It's a theory that doesn't bode well for us in the (very) long run.

Point 1 only delays the inevitable. It is highly interesting that elements of both point 2 and point 3 are generally championed as solutions to the problems we face today. Is retaining some heterogeneity while allowing some homogenisation the right approach? Can it be possible to maintain both heterogenous and homogenous elements in a closed system? What is the right combination and how do we control it? According to the laws of entropy, it would appear that we can neither stop nor reverse homogenisation. Of course seeing our world as a closed system is short sighted: it is part of our solar system, which is itself part of our galaxy, and our universe. We get energy exogenously from the sun, and all life ultimately uses this source of energy to endogenously maintain diversity - to swim against the relentless tide of rising entropy. From this perspective we apparently have great potential to choose between homogeneity and heterogeneity. The trap, however, is that whenever our attention wavers, the tide sweeps us a little further toward homogeneity, and the way back may never appear. We must fight perpetually for heterogeneity if we want it. Once we perceive diversity, it is at permanent risk of fading away.

“The entropy measurement gives the average social uncertainty about what will happen for event sets in the social system. An entropy value for a unitary social system is analogous to a temperature reading for thermodynamic system, such as a volume of gas . In a state of temperature equilibrium one temperature measurement describes the whole volume of any part of it. If a social system is in an entropy equilibrium, a single entropy measurement describes the state of the system or any subsystem. For a system in partial equilibrium, the entropy values of its subsystems must be known.“ - Stephen Coleman

Coleman is saying that when we reach maximum political entropy, we will have maximum uncertainty over what is happening - in a democratic system this might mean many candidates with similar popular support - calling the result is very difficult. Further research supports this interpretation: Coleman felt that the lowest entropy system was one where the certainty of the political outcome approached 100% - e.g. a one party democracy. He also understood voting patterns as a means to measure political entropy - at minimum entropy any vote sample will identify the outcome, while at maximum entropy we must sample the entire vote to reach a conclusion.

One key aspect of the thermodynamic system is the inevitable tendency toward homogeneity, and Coleman identifies this is in his discussion of political entropy - we will head towards political systems with less certain outcomes. Also highlighted is the role of heterogeneity - the presence of subsystems, each of which must also be undergoing changes in entropy, and which influence each other to reach an eventual state of entropy equilibrium. This subsystem relationship must also be recursive, with subsystems containing subsystems to an undefined degree of complexity. The conclusion here, then, is that at maximum entropy a democratic political system is homogeneous - every citizen is a candidate with the explicit support of themselves alone.

Of course, we don't have the mechanics to support such a homogenous system - it is not possible for political entropy to reach that equilibrium. It doesn't make sense at many levels - what are the means of election? what are the means of governing? In fact, a maximum entropy democracy sounds a lot like anarchy. That's ok though - it's a theoretical maximum, an ideal - it serves as a bookend in the entropy discussion. We can observe, however, that public participation in policy making provides a pressure to increase political entropy - more people, more involved, more often. And therein lies a small paradox - our quest for transparency, for involvement, to have a say in our own government will actually deliver less certainty.

Less certainty? We don't want that do we? One might assume such at first glance, but if we look at some recent history of certainty [Iraq War][Copenhagen][Business deals][Credit Crunch][Iran election] we may see that it is in fact our our ignorance and impotence that drives calls for a more participatory and open government.

So now, with a little imagination, we can begin to see our political and cultural landscape through the lens of thermodynamics - as bubbles of gas inside each other, determined to coalesce into a single bubble of uniform temperature. On this landscape, humanity helps, hinders, increases, reduces and divides these bubbles - often unintentionally, and often without understanding the outcomes and implications.

When we look at the future of government, something becomes clear in the context of this discussion - it is inevitable that citizen involvement will increase and, barring monumental upheaval, we can't stop it, and we can't go back. We're going to need better tools to manage our cultural and political entropy - because government as a platform will deliver mechanisms that allow us to move ever closer to the theoretical maximum.